Categories

Meta

Category: Tech

[Edit 12/2015 – Since BitTorrent Sync hit 2.x, I’m no longer using it and I can no longer recommend it.]

Too many times, you’ve heard a cloud storage/sync product described as “like Dropbox.” There’s Box, OneDrive, Google Drive, iCloud Drive, Bitcasa, SpiderOak, Wuala, Transporter, and I’ve missed a bunch. It doesn’t matter because they’re all pretty bad, and nearly all have the same problem, which is that any data you upload can be decrypted by the provider. In the event of a bug or a breach, anyone could have access to your files.

BitTorrent Sync draws the inevitable comparison, but it’s different and better. It lets you sync folders between multiple machines, and it supports every major computing platform, but it works without a cloud component. It’s peer-to-peer, encrypted, and fast. Sync is in beta, but I replaced Dropbox with Sync over five months ago, and it’s been great. The most recent version even handles syncing OS X extended attributes with an intermediate Linux peer.

I’ve been using Sync to publish files to the web, replicate a Minecraft server, sync personal documents between my computers, access files on the go with my iPhone, automatically upload security camera footage offsite, and even back up my iPhone’s camera roll to a home computer. It works.

Sync makes ad-hoc sharing easy, with expiring and optionally read-only links. It’s one of the easiest and fastest ways to share large files.

The most intriguing feature of BitTorrent Sync is its ability to include peers that can sync without having a decryption key. I’ve taken advantage of that feature to keep a copy of my documents synchronized with my own cloud server. On that server, the file contents, names, and metadata are encrypted and I feel reasonably secure knowing that if someone hacked the server, my tax returns and security camera footage would remain private.

Sync is hard to get right, and BitTorrent Sync is impressive. On my wishlist: Hosted plans for folks who need the always-on aspect of cloud storage and can’t roll their own, and a Dropbox-compatible SDK for mobile app developers.

One of the 4TB external USB hard drives I use for local backups started randomly disconnecting a few days ago. Today it failed completely. It’s a Seagate Backup Plus model, where the bottom of the enclosure consists of a small, removable shim that contains the USB & power connections and the USB to SATA converter chip. After trying different USB ports and cables without success, I decided to hook up the drive directly using SATA. After trimming a SATA cable with a utility knife to make it fit the narrow port opening, hooking it up, and rebooting… Finder offered to initialize an unreadable disk.

Disk Utility showed a single unreadable 500GB partition and a FAT partition table. The drive previously had a GUID partition table, not FAT. I have no idea what corrupted the disk in such an interesting way, but TestDisk was able to quickly scan the drive, locate the partitions and types, and repair everything in just a few seconds. The user interface hails from the 1990’s, but the software worked wonders and it’s completely free and open-source. It also runs on Linux, Windows, and DOS.

All my backups are intact and valid. I haven’t figured out what to do with the drive, though. Anecdotal evidence from the Internet suggests USB/SATA adapters are prone to failure, but I’m guessing the cause is probably cheap, poorly-designed power supplies. I’m not sure if it’s worth opening a support case with Seagate.

My Amazon EC2 discount contract is almost up, and I’ve been playing with Google Compute Engine (GCE). Initial impressions are that it’s faster and costs less money, particularly if you don’t want to pay up-front for EC2 reserved instances. Google’s web console is more modern than Amazon’s, though slightly less sophisticated. Google’s CLI tools are much faster and don’t require Java. Google’s API uses JSON instead of XML.

In terms of capabilities, GCE is not as advanced as EC2, but it’s vastly more powerful than Linode, Digital Ocean, and the like. One exception is that Google doesn’t permit sending SMTP directly from GCE instances. They have a partnership with Sendgrid for that. I’m using Mandrill instead, and so far I’m very pleased with that choice.

Migration from EC2 to GCE without re-installation

It’s possible to migrate virtual machines from EC2 to GCE. This post explains how I migrated my production Ubuntu 12.04 LTS instance. It’s not a detailed guide. If you possess a good amount of Linux operations knowledge, I hope the information here will help you do your own migration quickly.

Assumptions

Important differences between EC2 and GCE

EC2 uses Xen for virtualization. GCE uses KVM.

Most EC2 instances are paravirtualized (PV). They do not emulate actual PC hardware, and depend on Xen support in the kernel. Most of the time, EC2 instances use PVGRUB to boot. PVGRUB is part of the Amazon Kernel Image (aki-xxxxxxxx) associated with your instance. PVGRUB basically parses a GRUB configuration file in your root filesystem, figures out what kernel you want to boot, and tells Xen to boot it. You never actually run GRUB inside your instance.

With KVM, you have a full hardware virtual machine that emulates a PC. It requires a functioning bootloader in your boot disk image. Without one, you won’t boot. Fixing this, and using a kernel with the proper support, are the two main obstacles in migrating a machine from EC2 to GCE.

Let’s get started.

On EC2:

Snapshot your system before you do anything else. If you’re paranoid, create the snapshot while your system isn’t running.

Install a recent kernel. The Ubuntu 12.04 LTS kernel images don’t have the virtio SCSI driver needed by GCE. I used HPA’s 3.13.11 generic kernel. (These days it isn’t necessary to use a “virtual” kernel image. The generic ones have all the paravirtualized drivers and Xen/KVM guest support.)

Make sure your EC2 system still boots! If it doesn’t boot on EC2, it won’t do much good on GCE.

On GCE:

Create and boot a new (temporary) instance on GCE using one of their existing distribution bundles.

Create a new volume large enough to receive the boot volume you have at EC2, and attach it to your temporary instance.

Create an MBR partition table on the target volume, partition it, and create a root filesystem.

Mount your new filesystem.

On EC2:

Copy data to your new GCE filesystem. Use any method you like; consider creating a volume on EC2 from the snapshot you just created and using that as your source. That will make sure you copy device nodes and other junk you might overlook otherwise. Remember to use a method that preserves hard links, sparse files, extended attributes, ACL’s, and so on.

On GCE:

Verify you received your data on your target volume and everything looks OK.

I frequently connect to insecure Wi-Fi networks on my iOS devices and my Mac. Aside from the risk of eavesdropping and malware when connecting to these hotspots, they frequently block access to services, insert advertisements in web pages, or worse.

To work around these problems, I’ve tried numerous virtual private network (VPN) services. My experience with most of them has been awful. They tend to connect slowly or not at all, and I frequently can’t access anything on the Internet once the VPN connection is made. Many services don’t offer automatic connections, particularly on iOS. The software tends to be clunky and confusing.

Cloak VPN is an exception. I’ve been using Cloak for several months, and it’s been rock solid. It’s also affordable, at $3/mo for 5GB of data transfer or $10 for unlimited transfer. If you don’t want a subscription, Cloak also offers the ability to buy non-renewing, unlimited passes for a week, a month, or a year.

Cloak automatically detects when you’re connecting to insecure Wi-Fi and protects your connection. One account can be used to protect all your computers and iDevices.

Cloak released version 2.0 today for iOS, which is a significant upgrade. You can now identify trusted networks, such as your home or cellular network, and Cloak will stay out of the way when you use those networks. This means you can set it up and pretty much forget about it. (Cloak for Mac already offers this capability.)

Like any VPN, using Cloak can cause issues. Cloaked connections are sometimes misidentified by servers as coming from a “bot” instead of a human. This isn’t Cloak’s fault, but a consequence of well-intentioned but misguided system administrators. Some sites won’t let you connect at all, while others, such as Wells Fargo, may ask an extra question when you sign in.

With a few clicks or taps, you can disable Cloak and connect to problem sites. In practice, I’ve only found one or two websites that were completely blocked while using Cloak. I’ve also had outgoing iMessages get blocked sporadically. In all, the issues have been minor, and far outweighed by the benefits of the service.

Cloak has very responsive customer service and is sometimes able to work around blocks by re-routing traffic for certain websites.

I highly encourage you to learn more about Cloak and get started with a free 30-day trial. You don’t need to hand over a credit card to get stared.

Cloak provides small data kickbacks to users who tout them on Twitter. I don’t spam my followers so that I can get free stuff. I’m posting this because I rely on Cloak, and I think everyone should check it out.